<?php
	include("../../include/dbconnect.php");
	extract($_POST);
	$table="quyengroups";
	
	session_start();
	header("Content-Type: text/xml");
	echo "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>";
	echo "<$table>";
	if($_SESSION["un"]=="")
	{
		echo "<status>fail</status>";
		echo "<message>Chưa đăng nhập !</message>";
	}
	elseif($_SESSION["un"]!="admin")
	{
		echo "<status>fail</status>";
		echo "<message>Phải là người dùng admin !</message>";
	}
	else 
	{
		$daco=false;
		$rs=mysql_query("select * from $table where magrp='$magrp' and mamod='$mamod'",$conn);
		$daco=(mysql_num_rows($rs)>0);
		mysql_free_result($rs);
		
		$SQL="insert into $table ";
		$SQL=$SQL."(magrp,mamod,select_r,insert_r,update_r,delete_r) ";
		$SQL=$SQL." values ('$magrp','$mamod','$xem','$them','$sua','$xoa')";

		if($daco)
		{
			$SQL="update $table set ";
			$SQL=$SQL."select_r='$xem',insert_r='$them',update_r='$sua',delete_r='$xoa'";
			$SQL=$SQL." where magrp='$magrp' and mamod='$mamod'";
		}
		mysql_query($SQL,$conn) or die(mysql_error());
		echo "<status>ok</status>";
		echo "<message>Đã cập nhật quyền hạn !</message>";
	}
	
	echo "</$table>";
	include("../../include/dbclose.php");
?>